1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
|
2019-02-10 Arthur de Jong <arthur@arthurdejong.org>
* [21323a0] .travis.yml, setup.py: Add Python 3.7 in Travis and
reduce build matrix
This runs the signxml flavour on all Python versions and only
runs all other flavours on Python 2.6 and 3.6.
2019-02-10 Arthur de Jong <arthur@arthurdejong.org>
* [c2abbec] setup.cfg: Make the multi-line operator place explicit
Recent versions of flake8 changed the defaults of the errors
to ignore.
2018-07-30 Arthur de Jong <arthur@arthurdejong.org>
* [5e93d32] pskc/crypto/aeskw.py: Ignore more flake8 messages
2018-05-21 Arthur de Jong <arthur@arthurdejong.org>
* [f4b2559] docs/index.rst, docs/scripts.rst: Add links to script
documentation
2018-04-21 Arthur de Jong <arthur@arthurdejong.org>
* [610f7cd] : Implement csv2pcks script
2018-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [7bbaac3] docs/csv2pskc.rst, pskc/scripts/csv2pskc.py,
tests/test_csv2pskc.doctest: Add --skip-columns option
This option can be used to skip a number of rows in the CSV file
before the key data is read. If the number of rows to skip is 0,
the column interpretation should be provided using the --columns
option.
2018-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [88002fc] docs/csv2pskc.rst, pskc/scripts/csv2pskc.py,
tests/test_csv2pskc.doctest: Add --set option
This option can be used to set key properties for all keys in
the PSKC file.
2018-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [e91e498] docs/csv2pskc.rst, pskc/scripts/csv2pskc.py,
tests/test_csv2pskc.doctest: Add --columns option
This option can be used to override the list of columns as found
in the first line of the CSV file or provide a mapping for values
found in the first line to PSKC properties.
2018-03-31 Arthur de Jong <arthur@arthurdejong.org>
* [c652eee] csv2pskc.py, docs/conf.py, docs/csv2pskc.rst,
pskc/scripts/csv2pskc.py, setup.py, tests/test_csv2pskc.doctest:
Add a csv2pskc script for CSV to PSKC conversion
This script reads a CSV file and writes out a PSKC file with the
key information from the CSV file. The CSV file is expected to
have one row for each key and key property values in columns.
2018-04-02 Arthur de Jong <arthur@arthurdejong.org>
* [ce96e69] pskc/scripts/__init__.py, pskc/scripts/pskc2csv.py,
pskc/scripts/pskc2pskc.py, pskc/scripts/util.py, pskc2csv.py,
pskc2pskc.py, setup.cfg, setup.py, tests/test_pskc2csv.doctest,
tests/test_pskc2pskc.doctest, tox.ini: Ship the script as part
of the pskc package
This also installs pskc2csv and pskc2pskc console script entry
points as part of the package installation.
2018-03-03 Arthur de Jong <arthur@arthurdejong.org>
* [7a56eac] pskc/__init__.py, pskc/device.py,
tests/test_misc.doctest: Support setting key sub-properties
via add_key()
2018-03-11 Arthur de Jong <arthur@arthurdejong.org>
* [e6f2dd4] pskc/encryption.py, tests/test_encryption.doctest,
tests/test_pskc2pskc.doctest, tests/test_write.doctest: Increase
default PBKDF2 iterations to 100000
2018-02-21 Arthur de Jong <arthur@arthurdejong.org>
* [9026e1c] setup.cfg: Support building a universal wheel
2018-02-15 Arthur de Jong <arthur@arthurdejong.org>
* [b3e7fe7] pskc/__init__.py, pskc/crypto/aeskw.py,
pskc/device.py, pskc/encryption.py, pskc/key.py, pskc/parser.py,
pskc/serialiser.py, pskc/signature.py, setup.cfg: Add and
cleanup docstrings
This adds docstrings to public methods and cleans up a few other
docstrings to pass most flake8 docstring related tests.
This also adds noqa statements in a few places so we can remove
most entries from the global flake8 ignore list.
2018-02-10 Arthur de Jong <arthur@arthurdejong.org>
* [03ee35d] docs/conf.py, docs/pskc2pskc.rst, pskc2pskc.py,
setup.cfg, tests/test_pskc2pskc.doctest: Add a pskc2pskc script
for converting PSKC files
This script reads a PSKC file in any supported format and writes
out a RFC 6030 compliant version of the file, optionally with
the encryption removed or (re-)encrypting the file with a new key.
2018-02-08 Arthur de Jong <arthur@arthurdejong.org>
* [924e1f3] pskc/serialiser.py, tests/test_write.doctest: Correctly
write a PSKC file without a MAC key
In some cases a PSKC file can be written with a MAC algorithm
but without a MAC key. This is possible when the MAC key is not
supplied (allowed in older PSKC versions) and a fallback to the
encryption key is done. If we have not yet decrypted the file
the MAC key is not yet available and so can't be included in
the written file.
2018-02-04 Arthur de Jong <arthur@arthurdejong.org>
* [be2b49f] pskc/encryption.py, pskc/serialiser.py,
tests/test_write.doctest: Correctly write a PSKC file with a
global IV
This ensures that the encryption IV, which should be per encrypted
value is written out per encrypted value instead of globally. This
is mostly useful for when reading an old format PSKC file and
writing out a RFC 6030 compliant one.
2018-02-07 Arthur de Jong <arthur@arthurdejong.org>
* [e60d7f3] pskc/mac.py, pskc/parser.py, pskc/serialiser.py:
Also use EncryptedValue for MAC key
This ensures that an encrypted MAC key is hanled in the same
way as normal encrypted data values.
This also ensures consistent fallback to the globally
configured encryption algorithm if no value has been set in
the EncryptedValue.
2018-01-31 Arthur de Jong <arthur@arthurdejong.org>
* [8054c6e] pskc/serialiser.py: Always output a PSKC 1.0 format file
This ignores the value of the version attribute in the PSKC
object and always writes a PSKC 1.0 (RFC 6030) format file.
2018-01-31 Arthur de Jong <arthur@arthurdejong.org>
* [97faa13] docs/encryption.rst, pskc/encryption.py,
tests/test_encryption.doctest, tests/test_write.doctest: Implement
removing encryption
This adds a function to decrypt all values and remove the
encryption of an encrypted PSKC file.
2018-02-08 Arthur de Jong <arthur@arthurdejong.org>
* [2698657] .travis.yml: Add a Travis configuration file
2018-02-04 Arthur de Jong <arthur@arthurdejong.org>
* [82fa3bd] pskc/encryption.py, pskc/serialiser.py, pskc2csv.py:
Fix code style issues
Fixes 1ff3237f, 84bfb8a6 and 20bf9c5
2017-12-29 Arthur de Jong <arthur@arthurdejong.org>
* [2693495] tests/test_misc.doctest, tests/test_pskc2csv.doctest,
tox.ini: Fixes to test suite
This ensures that the tests also work without a TTY and work
regardless of the PYTHONWARNINGS and TZ environment variables
Fixes cd33833
2017-12-29 Arthur de Jong <arthur@arthurdejong.org>
* [fe63c42] ChangeLog, MANIFEST.in, NEWS, pskc/__init__.py,
setup.py: Get files ready for 1.0 release
2017-12-29 Arthur de Jong <arthur@arthurdejong.org>
* [2651e80] tests/test_write.doctest: Not all XML serialisers
write namespaces in same order
This ignores the namespace declarations in the generated XML
files because not all implementations on all environments write
these in the same order.
2017-12-29 Arthur de Jong <arthur@arthurdejong.org>
* [44b1353] docs/conf.py, setup.cfg, tox.ini: Add Sphinx
documentation checks
This also slightly tunes the way Sphinx documentation is built.
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [42be53b] pskc2csv.py, tox.ini: Add support for PyPy
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [660ed65] setup.py, tox.ini: Add support for Python 3.7
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [9cd97c9] README, setup.py: Use README as package long description
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [20bf9c5] docs/encryption.rst, pskc/encryption.py, pskc2csv.py,
tests/test_rfc6030.doctest: Add an is_encrypted property
This property can be use to see whether the PSKC file needs an
additional pre-shared key or passphrase to decrypt any stored
information.
2017-12-27 Arthur de Jong <arthur@arthurdejong.org>
* [c365a70] : Implement XML signature checking
2017-12-17 Arthur de Jong <arthur@arthurdejong.org>
* [418f3dc] docs/encryption.rst, docs/index.rst, docs/mac.rst,
docs/signatures.rst, docs/usage.rst: Add documentation for signed
PSKC files
2017-12-23 Arthur de Jong <arthur@arthurdejong.org>
* [a97ac46] pskc/parser.py, pskc/serialiser.py,
pskc/signature.py, pskc/xml.py, setup.py,
tests/certificate/README, tests/certificate/ca-certificate.pem,
tests/certificate/ca-key.pem, tests/certificate/certificate.pem,
tests/certificate/key.pem, tests/certificate/request.pem,
tests/certificate/ss-certificate.pem,
tests/rfc6030/figure9.pskcxml,
tests/test_draft_ietf_keyprov_pskc_02.doctest,
tests/test_rfc6030.doctest, tests/test_signature.doctest, tox.ini:
Implement signature checking
This adds support for creating and verifying embedded XML
signatures in PSKC files. This uses the third-party signxml
library for actual signing and verification.
The signxml library has a dependency on lxml and defusedxml
(and a few others) but all parts of python-pskc still work
correctly with our without lxml and/or defusedxml and signxml
is only required when working with embedded signatures.
This modifies the tox configuration to skip the signature
checks if singxml is not installed and to only require 100%
code coverage if the signature tests are done.
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [c0bd21f] pskc/xml.py: Move namespace moving to own function
2017-09-22 Arthur de Jong <arthur@arthurdejong.org>
* [ea503d6] pskc/__init__.py, pskc/parser.py, pskc/signature.py,
tests/test_draft_ietf_keyprov_pskc_02.doctest,
tests/test_rfc6030.doctest: Implement basic parsing of signature
properties
2017-12-23 Arthur de Jong <arthur@arthurdejong.org>
* [fcc6cdb] pskc2csv.py: Explicitly close output file in pskc2csv
This ensures that the file descriptor is closed if we opened
the file. This is not a big problem for the script (because
the script exists anyway) but causes problems for the tests.
2017-12-18 Arthur de Jong <arthur@arthurdejong.org>
* [052f5bc] docs/policy.rst, pskc/parser.py,
pskc/policy.py, pskc/serialiser.py, tests/test_misc.doctest,
tests/test_write.doctest: Fix typo in pin_max_failed_attempts
attribute
This makes the old name (pin_max_failed_attemtps) available as
a deprecated property.
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [6f0ca70] pskc/parser.py,
tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/non-encrypted.pskcxml,
tests/draft-hoyer-keyprov-portable-symmetric-key-container-00/password-encrypted.pskcxml,
tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/non-encrypted.pskcxml,
tests/draft-hoyer-keyprov-portable-symmetric-key-container-01/password-encrypted.pskcxml,
tests/test_draft_hoyer_keyprov_portable_symmetric_key_container.doctest:
Add limited support for very old draft PSKC versions
This adds basic support for parsing the PSKC files as specified
in draft-hoyer-keyprov-portable-symmetric-key-container-00 and
draft-hoyer-keyprov-portable-symmetric-key-container-01.
It should be able to extract secrets, counters, etc. but not
all properties from the PSKC file are supported.
It is speculated that this format resembles the "Verisign PSKC
format" that some applications produce.
2016-09-19 Arthur de Jong <arthur@arthurdejong.org>
* [9b85634] tests/multiotp/pskc-hotp-aes.txt,
tests/multiotp/pskc-hotp-pbe.txt, tests/multiotp/pskc-totp-aes.txt,
tests/multiotp/pskc-totp-pbe.txt,
tests/multiotp/tokens_hotp_aes.pskc,
tests/multiotp/tokens_hotp_pbe.pskc,
tests/multiotp/tokens_ocra_aes.pskc,
tests/multiotp/tokens_ocra_pbe.pskc,
tests/multiotp/tokens_totp_aes.pskc,
tests/multiotp/tokens_totp_pbe.pskc, tests/test_multiotp.doctest:
Add test files from multiOTP
This adds tests for parsing the files that are shipped as part
of the multiOTP test suite.
https://www.multiotp.net/
2017-12-15 Arthur de Jong <arthur@arthurdejong.org>
* [01507af] pskc/key.py, pskc/parser.py, pskc/serialiser.py,
tests/misc/partialxml.pskcxml, tests/test_misc.doctest,
tests/test_write.doctest: Refactor internal storate of encrypted
values
This changes the way encrypted values are stored internally before
being decrypted. For example, the internal _secret property can now
be a decrypted plain value or an EncryptedValue instance instead
of always being a DataType, simplifying some things (e.g. all
XML encoding/decoding is now done in the corresponding module).
This should not change the public API but does have consequences
for those who use custom serialisers or parsers.
2017-12-13 Arthur de Jong <arthur@arthurdejong.org>
* [dcf1919] pskc/crypto/aeskw.py, pskc/encryption.py,
tests/encryption/kw-camellia128.pskcxml,
tests/encryption/kw-camellia192.pskcxml,
tests/encryption/kw-camellia256.pskcxml,
tests/test_encryption.doctest: Add support for KW-Camellia suite
of algorithms
2017-12-13 Arthur de Jong <arthur@arthurdejong.org>
* [364e93d] pskc/encryption.py,
tests/encryption/camellia128-cbc.pskcxml,
tests/encryption/camellia192-cbc.pskcxml,
tests/encryption/camellia256-cbc.pskcxml,
tests/test_encryption.doctest: Add support for Camellia-CBC
suite of algorithms
2017-10-11 Arthur de Jong <arthur@arthurdejong.org>
* [4c5e046] docs/conf.py, docs/pskc2csv.rst, setup.cfg: Add a
manual page for pskc2csv
2017-10-09 Arthur de Jong <arthur@arthurdejong.org>
* [25cb2fc] setup.cfg: Ignore missing docstring in __init__ in flake
2017-09-30 Arthur de Jong <arthur@arthurdejong.org>
* [225e569] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/encryption.py,
pskc/mac.py, setup.cfg, setup.py, tests/test_crypto.doctest,
tests/test_encryption.doctest, tox.ini: Replace pycrypto with
cryptography
The cryptography library is better supported.
This uses the functions from cryptography for AES and Triple
DES encryption, replaces the (un)padding functions that were
previously implemented in python-pskc with cryptography and uses
PBKDF2 implementation from hashlib.
2017-09-30 Arthur de Jong <arthur@arthurdejong.org>
* [5dff7d4] pskc/encryption.py: Use PBKDF2 from hashlib
This uses pbkdf2_hmac() from hashlib for the PBKDF2 calculation.
The downside of this is that this function is only available
since Python 2.7.8.
2017-09-30 Arthur de Jong <arthur@arthurdejong.org>
* [2c8a9b7] pskc/crypto/aeskw.py, pskc/crypto/tripledeskw.py,
pskc/encryption.py, pskc/mac.py, tests/test_aeskw.doctest,
tests/test_write.doctest: Replace use of pycrypto utility functions
This uses os.urandom() as a source for random data and replaces
other utility functions. This also removes one import for getting
the lengths of Tripple DES keys.
2017-09-24 Arthur de Jong <arthur@arthurdejong.org>
* [d0eddf8] pskc/serialiser.py, pskc/xml.py,
tests/test_write.doctest: Implement our own XML formatting
This avoids a using xml.dom.minidom to indent the XML tree and
keep the attributes ordered alphabetically. This also allows
for customisations to the XML formatting.
2017-09-24 Arthur de Jong <arthur@arthurdejong.org>
* [4ed4e11] tests/test_mac.doctest: Support hashlib from Python 2.7.3
Some Python versions don't have the algorithms_available property
but do have the algorithms property in hashlib.
2017-09-24 Arthur de Jong <arthur@arthurdejong.org>
* [b90faeb] pskc/xml.py, setup.py, tox.ini: Use defusedxml if
available
This uses the defusedxml library if available to defend agains
a number of XML-based attacks.
2017-09-23 Arthur de Jong <arthur@arthurdejong.org>
* [7272e54] pskc/serialiser.py, tests/test_write.doctest: Fix bug
in saving PBKDF2 salt on Python3
The PBKDF2 salt was saved in the wrong way (b'base64encodeddata'
instead of base64encodeddata) when using Python 3. This fixes
that problem and tests that saving and loading of a file that
uses PBKDF2 key derivation works.
2017-09-23 Arthur de Jong <arthur@arthurdejong.org>
* [cd33833] pskc2csv.py, setup.cfg, tests/test_pskc2csv.doctest:
Add tests for the pskc2csv script
This makes minor changes to the pskc2csv script to make it more
easily testable.
2017-09-22 Arthur de Jong <arthur@arthurdejong.org>
* [6028b8e] pskc2csv.py: Support adding custom CSV file headers
This allows adding an optional label to the --columns option that
can be used to output a label different from the key property
name in the CSV file header.
2017-09-20 Arthur de Jong <arthur@arthurdejong.org>
* [eef681b] pskc2csv.py: Add --secret-encoding option to pskc2csv
This option can be used to configure the encoding of the secret
in the CSV file (still hex by default).
2017-09-20 Arthur de Jong <arthur@arthurdejong.org>
* [6f78dd6] pskc/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/exceptions.py, pskc/mac.py,
pskc/parser.py, pskc/policy.py, pskc/serialiser.py, setup.cfg,
tox.ini: Run flake8 from tox
This also makes a few small code formatting changes to ensure
that the flake8 tests pass.
2017-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [cc3acc2] tox.ini: Simplify Tox configuration
2017-06-10 Arthur de Jong <arthur@arthurdejong.org>
* [0c00c80] pskc/__init__.py, pskc/encryption.py, pskc/parser.py,
pskc/serialiser.py, pskc/xml.py, pskc2csv.py: Various minor code
style improvements
2017-06-10 Arthur de Jong <arthur@arthurdejong.org>
* [510e6a5] pskc/encryption.py, pskc/parser.py: Normalise key
derivation algorithms
This makes KeyDerivation.algorithm and KeyDerivation.pbkdf2_prf
properties automatically normalise assigned values.
2017-06-10 Arthur de Jong <arthur@arthurdejong.org>
* [d72e6cc] pskc/xml.py: Switch to using non-deprecated method
This uses ElementTree.iter() instead of ElementTree.getiterator()
for going over all the child elements in the tree because the
latter is deprecated.
2017-06-10 Arthur de Jong <arthur@arthurdejong.org>
* [7b106ff] docs/usage.rst, pskc/key.py, tests/test_yubico.doctest:
Provide Key.userid convenience property
This provides a read-only userid property on Key objects that uses
the key_userid or device_userid value, whichever one is defined.
2017-06-09 Arthur de Jong <arthur@arthurdejong.org>
* [f0d2991] docs/conf.py, docs/encryption.rst, docs/exceptions.rst,
docs/mac.rst: Document supported encryption and MAC algorithms
This also includes a few other small documentation improvements.
2017-06-09 Arthur de Jong <arthur@arthurdejong.org>
* [8b8848d] pskc/encryption.py, pskc/mac.py,
tests/test_invalid.doctest, tests/test_mac.doctest: Refactor
MAC lookups
This switches to using the hashlib.new() function to be able to use
all hashes that are available in Python (specifically RIPEMD160).
This also adds a number of tests for HMACs using test vectors
from RFC 2202, RFC 4231 and RFC 2857.
2017-06-09 Arthur de Jong <arthur@arthurdejong.org>
* [e10f9c6] pskc/algorithms.py: Handle more algortihm URIs
This adds a number of algorithm URIs defined in RFC 6931 and also
simplifies the definition of the list of URIs. It also adds more
aliases for algorithms.
2017-01-25 Arthur de Jong <arthur@arthurdejong.org>
* [1fc1a03] README, docs/usage.rst, setup.py: Switch URLs to HTTPS
2017-01-21 Arthur de Jong <arthur@arthurdejong.org>
* [8de25c2] tests/actividentity/test.pskcxml,
tests/test_actividentity.doctest: Correct name of ActivIdentity
test file
2017-01-21 Arthur de Jong <arthur@arthurdejong.org>
* [5889df7] ChangeLog, NEWS, README, docs/conf.py, pskc/__init__.py,
pskc2csv.py, setup.py: Get files ready for 0.5 release
2017-01-15 Arthur de Jong <arthur@arthurdejong.org>
* [29a183d] tests/test_feitian.doctest, tests/test_nagraid.doctest:
Split vendor tests
Have one doctest file per vendor to make tests a little more
manageable.
2017-01-14 Arthur de Jong <arthur@arthurdejong.org>
* [02eb520] tests/test_yubico.doctest, tests/yubico/example1.pskcxml,
tests/yubico/example2.pskcxml, tests/yubico/example3.pskcxml:
Add tests for Yubikey files
This adds tests from draft-josefsson-keyprov-pskc-yubikey-00.
2017-01-13 Arthur de Jong <arthur@arthurdejong.org>
* [12dfa64] pskc/parser.py, tests/actividentity/test.pskc,
tests/test_actividentity.doctest: Support legacy ActivIdentity
files
This adds support for parsing ActivIdentity files that conform
to a very old version of an Internet Draft. The implementation
and test were based on a file provided by Jaap Ruijgrok.
2017-01-11 Arthur de Jong <arthur@arthurdejong.org>
* [a5e2343] pskc/parser.py,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml:
Use original examples from old profiles Internet Draft
This updates the tests to use the original examples from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 instead of
modifying them to fit the RFC 6030 schema (but does include some
minor changes to make them valid XML).
This adds a few additions to the parser to handle legacy challenge
and resposne encoding and a few key policy properties.
This also includes a fix for 0b757ec in the handling of the
<ChallengeFormat> element under a <Usage> element.
2016-12-21 Arthur de Jong <arthur@arthurdejong.org>
* [2f7cb1a] tests/rfc6030/figure8.pskcxml,
tests/rfc6030/figure9.pskcxml, tests/test_rfc6030.doctest:
Add all figures from RFC 6030 to test suite
Note that asymmetric encryption and digital signature checking
has not yet been implemented so the tests are pretty minimal.
2016-12-21 Arthur de Jong <arthur@arthurdejong.org>
* [0b757ec] pskc/parser.py, pskc/xml.py,
tests/draft-ietf-keyprov-pskc-02/figure2.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure3.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure4.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure5.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure6.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure7.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure8.pskcxml,
tests/draft-ietf-keyprov-pskc-02/figure9.pskcxml,
tests/test_draft_ietf_keyprov_pskc_02.doctest: Add support for
older Internet Draft version
This adds support for parsing most examples from
draft-ietf-keyprov-pskc-02. That file uses a few other names
for elements and attributes of the PSKC file and a few other
minor differences.
The XML parsing has been changed to allow specifying multiple
matches and the find*() functions now return the first found match.
While all examples from draft-ietf-keyprov-pskc-02 are tested
support for verifying digital signatures and asymmetric keys
have not yet been implemented.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [09076f8] tests/test_encryption.doctest: Fix typo in test
2016-12-20 Arthur de Jong <arthur@arthurdejong.org>
* [46fa5f1] setup.cfg: Fail tests on missing coverage
2016-12-20 Arthur de Jong <arthur@arthurdejong.org>
* [047a2a9] pskc/key.py, pskc/mac.py,
tests/encryption/mac-over-plaintext.pskcxml,
tests/invalid/mac-missing.pskcxml, tests/invalid/mac-value.pskcxml,
tests/invalid/missing-encryption-method.pskcxml,
tests/test_encryption.doctest, tests/test_invalid.doctest:
Allow MAC over plaintext or ciphertext
RFC 6030 implies that the MAC should be performed over the
ciphertext but some earlier drafts implied that the MAC should
be performed on the plaintext. This change accpets the MAC if
either the plaintext or ciphertext match.
Note that this change allows for a padding oracle attack when
CBC encryption modes are used because decryption (and unpadding)
needs to be done before MAC checking. However, this module is
not expected to be available to users to process arbitrary PSKC
files repeatedly.
This removes the tests for a missing MAC key (and replaces it for
tests of missing EncryptionMethod) because falling back to using
the encryption key (implemented in a444f78) in combination with
this change means that decryption is performed before MAC checking
and is no longer possible to trigger a missing MAC key error.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [bae7084] pskc/crypto/__init__.py, pskc/encryption.py,
tests/test_crypto.doctest: Add sanity checks to unpadding
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [d864bc8] pskc/serialiser.py: Ensure XML file ends with a newline
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [c631628] pskc/xml.py: Adapt coverage pragma annotations
This fixes the pragma directives to be be correct independently
of whether lxml is installed or not.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [18d82dc] .gitignore, tox.ini: Add Tox configuration
This sets up Tox with various versions of Python and for each
version a run with and without lxml.
2016-12-19 Arthur de Jong <arthur@arthurdejong.org>
* [71058e2] tests/test_write.doctest: Close read files in tests
This ensures that the files that are read in the test suite are
properly closed to avoid leaking open file descriptors.
2016-12-18 Arthur de Jong <arthur@arthurdejong.org>
* [f0a0a3b] pskc/parser.py: Support missing or lowercase version
attribute
2016-09-26 Arthur de Jong <arthur@arthurdejong.org>
* [3bf4737] docs/usage.rst: Fix copy-pasto in documentation
This accidentally slipped in as part of beafc6b. 2016-09-19
Arthur de Jong <arthur@arthurdejong.org>
* [02b30a9] pskc/__init__.py, pskc/parser.py, pskc/serialiser.py:
Also move outer writing and parsing to modules
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [b1f8f87] .gitignore, README, pskc/__init__.py: Add writing
example to toplevel documentation
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [e23a467] pskc/key.py: Use custom data descriptors for key
properties
This uses a custom data descriptor (property) for secret, counter,
time_offset, time_interval and time_drift.
2016-09-17 Arthur de Jong <arthur@arthurdejong.org>
* [beafc6b] docs/usage.rst, pskc/__init__.py, pskc/device.py,
pskc/key.py, pskc/parser.py, pskc/policy.py, pskc/serialiser.py,
tests/test_misc.doctest, tests/test_write.doctest: Support
separate device from key
This allows having multiple keys per device while also maintaining
the previous API.
Note that having multiple keys per device is not allowed by the
RFC 6030 schema but is allowed by some older internet drafts.
2016-09-16 Arthur de Jong <arthur@arthurdejong.org>
* [84bfb8a] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/serialiser.py: Move XML
generation to own module
Similar to the change for parsing, move the XML serialisation
of PSKC data to a single class in a separate module.
2016-09-14 Arthur de Jong <arthur@arthurdejong.org>
* [426e821] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/parser.py, pskc/policy.py: Move document
parsing to own module
This moves all the parse() functions to a single class in a
dedicated module that can be used for parsing PSKC files. This
should make it easier to subclass the parser.
2016-09-14 Arthur de Jong <arthur@arthurdejong.org>
* [bf34209] tests/invalid/no-mac-method.pskcxml,
tests/test_invalid.doctest, tests/test_rfc6030.doctest: Some
minor improvements to the tests
2016-09-12 Arthur de Jong <arthur@arthurdejong.org>
* [600ae68] pskc/encryption.py, pskc/key.py, pskc/xml.py,
setup.cfg, tests/invalid/empty-mac-key.pskcxml,
tests/invalid/incomplete-derivation.pskcxml,
tests/invalid/missing-encryption.pskcxml,
tests/misc/SampleFullyQualifiedNS.xml, tests/misc/policy.pskcxml,
tests/test_aeskw.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_write.doctest: Improve branch coverage
This enables branch coverage testing and adds tests to improve
coverage.
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [713d106] pskc/encryption.py, tests/test_encryption.doctest:
Support specifying PRF in setup_pbkdf2()
This also ensures that the PRF URL is normalised.
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [ff811c9] pskc/encryption.py: Fix bug in passing explicit key
to setup_preshared_key()
2016-09-11 Arthur de Jong <arthur@arthurdejong.org>
* [fa07aa5] docs/encryption.rst, pskc/encryption.py: Clarify
encryption.setup_*() documentation
This tries to make it clearer that the setup_preshared_key()
and setup_pbkdf2() functions are meant to be used when writing
out PSKC files.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [a444f78] pskc/key.py, pskc/mac.py,
tests/encryption/no-mac-key.pskcxml,
tests/invalid/mac-missing.pskcxml, tests/test_encryption.doctest,
tests/test_invalid.doctest: Fall back to encryption key for MAC
This uses the encryption key also as MAC key if no MAC key has
been specified in the PSKC file. Earlier versions of the PSKC
draft specified this behaviour.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [9b76135] pskc/encryption.py,
tests/encryption/aes128-cbc-noiv.pskcxml,
tests/test_encryption.doctest: Allow global specification of IV
In older versions of the PSKC standard it was allowed to
have a global initialization vector for CBC based encryption
algorithms. It is probably not a good idea to re-use an IV
in general.
2016-04-23 Arthur de Jong <arthur@arthurdejong.org>
* [d53f05b] pskc/encryption.py, pskc/mac.py: Move crypto to functions
This makes it much easier to test the encryption, decryption
and HMAC processing separate from the PSKC parsing.
2016-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [5dbfefd] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/policy.py: Remove parse call from constructors
This makes the creation if internal instances a litte more
consistent.
2016-04-05 Arthur de Jong <arthur@arthurdejong.org>
* [0d7caf1] pskc/algorithms.py, pskc/encryption.py, pskc/mac.py:
Move algorithm uri handling to separate module
2016-03-29 Arthur de Jong <arthur@arthurdejong.org>
* [22ba9f1] pskc/crypto/__init__.py, pskc/encryption.py: Move
padding functions to crypto package
2016-03-28 Arthur de Jong <arthur@arthurdejong.org>
* [efbe94c] ChangeLog, NEWS, pskc/__init__.py, setup.py: Get files
ready for 0.4 release
2016-03-26 Arthur de Jong <arthur@arthurdejong.org>
* [0c57335] docs/policy.rst: Document may_use() policy function
2016-03-27 Arthur de Jong <arthur@arthurdejong.org>
* [b4a6c72] : Implement writing encrypted files
This adds support for setting up encryption keys and password-based
key derivation when writing PSKC files. Also MAC keys are set
up when needed.
2016-03-26 Arthur de Jong <arthur@arthurdejong.org>
* [59aa65b] README, docs/conf.py, docs/encryption.rst, docs/mac.rst,
docs/usage.rst, pskc/__init__.py: Document writing encrypted files
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [5f32528] tests/test_write.doctest: Add encryption error tests
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [7ede4a1] tests/test_write.doctest: Add tests for writing
encrypted PSKC files
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [1ff3237] pskc/encryption.py: Allow configuring a pre-shared key
This method allows configuring a pre-shared encryption key and
will chose reasonable defaults for needed encryption values
(e.g. it will choose an algorithm, generate a new key of the
appropriate length if needed, etc.).
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [50414a3] pskc/encryption.py, tests/test_encryption.doctest:
Allow configuring PBKDF2 key derivation
This factors out the PBKDF2 key derivation to a separate function
and introduces a function to configure KeyDerivation instances
with PBKDF2.
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [5ac9d43] pskc/mac.py, tests/test_encryption.doctest: Allow
configuring a MAC key
This method will set up a MAC key and algorithm as specified or
use reasonable defauts.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [16da531] pskc/key.py, pskc/mac.py: Generate MAC values
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [ca0fa36] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
Write MACMethod
This also makes the MAC.algorithm a property similarly as what
is done for Encryption (normalise algorithm names) and adds a
setter for the MAC.key property.
2016-03-21 Arthur de Jong <arthur@arthurdejong.org>
* [8fd35ba] pskc/encryption.py, pskc/key.py: Write out encrypted
values
The Encryption class now has a fields property that lists the
fields that should be encrypted when writing the PSKC file.
This adds an encrypt_value() function that performs the encryption
and various functions to convert the plain value to binary before
writing the encrypted XML elements.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [eba541e] pskc/__init__.py, pskc/encryption.py, pskc/mac.py:
Make Encryption and MAC constructors consistent
This removes calling parse() from the Encryption and MAC
constructors and stores a reference to the PSKC object in both
objects so it can be used later on.
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [fe21231] pskc/__init__.py, pskc/encryption.py,
tests/test_write.doctest: Write encryption key information
This writes information about a pre-shared key or PBKDF2 key
derivation in the PSKC file. This also means that writing
a decrypted version of a previously encrypted file requires
actively removing the encryption.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [0893640] pskc/encryption.py, tests/test_misc.doctest: Add
algorithm_key_lengths property
This property on the Encryption object provides a list of key
sizes (in bytes) that the configured encryption algorithm supports.
2016-03-22 Arthur de Jong <arthur@arthurdejong.org>
* [8b5f6c2] pskc/policy.py, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_write.doctest: Also check
key expiry in may_use()
2016-03-20 Arthur de Jong <arthur@arthurdejong.org>
* [dfa57ae] pskc2csv.py: Support reading password or key in pskc2csv
This supports reading the encryption password or key from the
command line or from a file.
2014-06-28 Arthur de Jong <arthur@arthurdejong.org>
* [0744222] pskc/xml.py: Copy namespaces to toplevel element
Ensure that when writing an XML file all namespace definitions
are on the toplevel KeyContainer element instead of scattered
throughout the XML document.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [e8ef157] pskc/__init__.py, tests/test_write.doctest: Support
writing to text streams in Python 3
This supports writing the XML output to binary streams as well
as text streams in Python 3.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [cadc6d9] pskc/key.py, pskc/mac.py,
tests/invalid/missing-encryption.pskcxml,
tests/invalid/not-boolean.pskcxml,
tests/invalid/not-integer.pskcxml,
tests/invalid/not-integer2.pskcxml,
tests/invalid/unknown-encryption.pskcxml, tests/test_aeskw.doctest,
tests/test_encryption.doctest, tests/test_invalid.doctest,
tests/test_misc.doctest, tests/test_rfc6030.doctest,
tests/test_tripledeskw.doctest, tests/test_write.doctest:
Improve tests and test coverage
This adds tests to ensure that incorrect attribute and value
types in the PSKC file raise a ValueError exception and extends
the tests for invalid encryption options.
This removes some code or adds no cover directives to a few
places that have unreachable code or are Python version specific
and places doctest directives inside the doctests where needed.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [b8905e0] pskc/key.py, pskc/xml.py, tests/misc/checkdigits.pskcxml,
tests/test_misc.doctest: Support both CheckDigit and CheckDigits
RFC 6030 is not clear about whether the attribute of
ChallengeFormat and ResponseFormat should be the singular
CheckDigit or the plural CheckDigits. This ensures that both
forms are accepted.
2016-03-19 Arthur de Jong <arthur@arthurdejong.org>
* [7915c55] pskc/policy.py, tests/misc/policy.pskcxml,
tests/test_misc.doctest: Implement policy checking
This checks for unknown policy elements in the PSKC file and
will cause the key usage policy check to fail.
2016-03-18 Arthur de Jong <arthur@arthurdejong.org>
* [1687fd6] tests/feitian/20120919-test001-4282.xml,
tests/feitian/file1.pskcxml, tests/nagraid/file1.pskcxml,
tests/test_vendors.doctest: Add a few tests for vendor files
Some vendor-specific files were lifted from the LinOTP test suite
and another Feitian file was found in the oath-toolkit repository.
2016-01-31 Arthur de Jong <arthur@arthurdejong.org>
* [aae8a18] pskc/key.py, tests/misc/integers.pskcxml,
tests/test_misc.doctest: Support various integer representations
This extends support for handling various encoding methods for
integer values in PSKC files. For encrypted files the decrypted
value is first tried to be evaluated as an ASCII representation
of the number and after that big-endian decoded.
For plaintext values first ASCII decoding is tried after which
base64 decoding is tried which tries the same encodings as for
decrypted values.
There should be no possibility for any base64 encoded value
(either of an ASCII value or a big-endian value) to be interpreted
as an ASCII value for any 32-bit integer.
There is a possibility that a big-endian encoded integer could
be incorrectly interpreted as an ASCII value but this is only
the case for 110 numbers when only considering 6-digit numbers.
2016-01-24 Arthur de Jong <arthur@arthurdejong.org>
* [c86aaea] README, pskc/__init__.py,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/actividentity-3des.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/ocra.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/securid-aes-counter.pskcxml,
tests/draft-hoyer-keyprov-pskc-algorithm-profiles-01/totp.pskcxml,
tests/encryption/aes128-cbc.pskcxml,
tests/encryption/aes192-cbc.pskcxml,
tests/encryption/aes256-cbc.pskcxml,
tests/encryption/kw-aes128.pskcxml,
tests/encryption/kw-aes192.pskcxml,
tests/encryption/kw-aes256.pskcxml,
tests/encryption/kw-tripledes.pskcxml,
tests/encryption/tripledes-cbc.pskcxml,
tests/invalid/encryption.pskcxml,
tests/invalid/mac-algorithm.pskcxml,
tests/invalid/mac-value.pskcxml,
tests/invalid/no-mac-method.pskcxml, tests/invalid/notxml.pskcxml,
tests/invalid/wrongelement.pskcxml,
tests/invalid/wrongversion.pskcxml,
tests/misc/SampleFullyQualifiedNS.xml,
tests/misc/odd-namespace.pskcxml, tests/rfc6030/figure10.pskcxml,
tests/rfc6030/figure2.pskcxml, tests/rfc6030/figure3.pskcxml,
tests/rfc6030/figure4.pskcxml, tests/rfc6030/figure5.pskcxml,
tests/rfc6030/figure6.pskcxml, tests/rfc6030/figure7.pskcxml,
tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_write.doctest: Re-organise
test files
This puts the test PSKC files in subdirectories so they can be
organised more cleanly.
2016-01-23 Arthur de Jong <arthur@arthurdejong.org>
* [1904dc2] tests/test_misc.doctest: Add test for incorrect key
derivation
If no key derivation algorithm has been specified in the PSKC
file an exception should be raised when attempting to perform
key derivation.
2016-01-24 Arthur de Jong <arthur@arthurdejong.org>
* [91f66f4] pskc/encryption.py, pskc/key.py, pskc/mac.py: Refactor
out EncryptedValue and ValueMAC
This removes the EncryptedValue and ValueMAC classes and instead
moves the XML parsing of these values to the DataType class. This
will make it easier to support different parsing schemes.
This also includes a small consistency improvement in the
subclasses of DataType.
2016-01-23 Arthur de Jong <arthur@arthurdejong.org>
* [9b13d3b] pskc/encryption.py, tests/test_misc.doctest: Normalise
algorithm names
This transforms the algorithm URIs that are set to known values
when parsing or setting the algorithm.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [b6eab47] docs/encryption.rst, pskc/encryption.py,
tests/test_encryption.doctest, tests/test_misc.doctest: Add
encryption algorithm property
Either determine the encryption algorithm from the PSKC file
or from the explicitly set value. This also adds support for
setting the encryption key name.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [b5f7de5] pskc/key.py, tests/test_write.doctest: Fix a problem
when writing previously encrypted file
This fixes a problem with writing a PSKC file that is based on
a read file that was encrypted.
2016-01-22 Arthur de Jong <arthur@arthurdejong.org>
* [107a836] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/xml.py: Strip XML namespaces
before parsing
This simplifies calls to the find() family of functions and
allows parsing PSKC files that have slightly different namespace
URLs. This is especially common when parsing old draft versions
of the specification.
This also removes passing multiple patterns to the find()
functions that was introduced in 68b20e2.
2015-12-28 Arthur de Jong <arthur@arthurdejong.org>
* [a86ff8a] README, docs/encryption.rst: Update some documentation
This adds a development notes section to the README and changes
the wording on the encryption page.
2015-12-01 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [0ff4154] docs/encryption.rst: Fix typo in the documentation
2015-12-01 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [3473903] pskc2csv.py: Support Python 3
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [a82a60b] pskc/key.py: Make value conversion methods static private
- the conversions do not call self: they are static - the
conversions are not to be used out of the class: make private
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [e711a30] pskc/key.py: Provide abstract methods to clarify API
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [1577687] pskc/encryption.py: Fix typo in variable name
2015-11-30 Mathias Laurin <Mathias.Laurin+github.com@gmail.com>
* [3aa2a6f] tests/test_invalid.doctest: Fix doctest:
IGNORE_EXCEPTION_DETAL
2015-10-07 Arthur de Jong <arthur@arthurdejong.org>
* [c155d15] ChangeLog, MANIFEST.in, NEWS, pskc/__init__.py,
setup.py: Get files ready for 0.3 release
2015-10-07 Arthur de Jong <arthur@arthurdejong.org>
* [cf0c9e6] README, docs/conf.py, docs/encryption.rst,
docs/exceptions.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst,
pskc/__init__.py: Update documentation
This updates the documentation with the new features (writing PSKC
files) as well as many editorial improvements, some rewording
and a few typo fixes. Some things were moved around a little in
order to be more easily readable and easier to find.
2015-10-06 Arthur de Jong <arthur@arthurdejong.org>
* [671b6e2] pskc/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/encryption.py, pskc/key.py,
pskc/policy.py, pskc/xml.py, setup.py, tests/test_aeskw.doctest,
tests/test_draft_keyprov.doctest, tests/test_encryption.doctest,
tests/test_invalid.doctest, tests/test_misc.doctest,
tests/test_rfc6030.doctest, tests/test_tripledeskw.doctest,
tests/test_write.doctest: Support Python 3
This enables support for Python 3 together with Python 2 support
with a single codebase.
On Python 3 key data is passed around as bytestrings which makes
the doctests a little harder to maintain across Python versions.
2015-10-06 Arthur de Jong <arthur@arthurdejong.org>
* [68b20e2] pskc/encryption.py, pskc/xml.py,
tests/SampleFullyQualifiedNS.xml, tests/test_misc.doctest:
Fix issue with namespaced PBKDF2 parameters
The find() utility functions now allow specifying multiple paths
to be searched where the first match is returned.
This allows handling PSKC files where the PBKDF2 salt, iteration
count, key length and PRF elements are prefixed with the xenc11
namespace.
A test including such a PSKC file has been included.
Thanks to Eric Plet for reporting this.
2014-10-12 Arthur de Jong <arthur@arthurdejong.org>
* [ebe46f2] pskc2csv.py: Provide a sample pskc2csv script
This is a simple command-line utility that reads a PSKC file
and outputs information on keys as CSV.
2014-06-30 Arthur de Jong <arthur@arthurdejong.org>
* [1363564] pskc/crypto/__init__.py, pskc/crypto/aeskw.py,
pskc/crypto/tripledeskw.py, pskc/encryption.py,
tests/test_aeskw.doctest, tests/test_tripledeskw.doctest: Move
encryption functions in pskc.crypto package
This moves the encryption functions under the pskc.crypto package
to more clearly separate it from the other code. Ideally this
should be replaced by third-party library code.
2014-06-30 Arthur de Jong <arthur@arthurdejong.org>
* [e468ebe] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py, pskc/xml.py: Rename pskc.parse
to pskc.xml
This renames the parse module to xml to better reflect the
purpose of the module and it's functions.
This also introduces a parse() function that wraps etree.parse().
2014-06-28 Arthur de Jong <arthur@arthurdejong.org>
* [480e2d0] : Support writing unencrypted PSKC files
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [37dc64a] tests/test_write.doctest: Add test for writing PSKC files
This makes a simple doctest that checks the writing of the XML
representation of the PSKC data.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [865a755] pskc/__init__.py, pskc/parse.py: Add function for
writing XML
This provides a function for pretty-printing the generated
XML document.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [61a192f] pskc/__init__.py, pskc/key.py, pskc/policy.py: Construct
XML document with basic PKSC information
This introduces make_xml() functions to build an XML document
that contains the basic PSKC information and keys. This currently
only supports writing unencrypted PSKC files.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [69aec9f] pskc/parse.py: Introduce mk_elem() to create elements
This introduces the mk_elem() function that can be used to create
ElementTree elements for building XML documents. This function
transparetly handles namespaces, translation of values into
XML etc.
2014-06-27 Arthur de Jong <arthur@arthurdejong.org>
* [7591271] pskc/key.py: Simplify DataType value handling
Only store the native value of the property, not the text
representation. This also results in the BinaryDataType and
IntegerDataType subclasses only needing from_text() and from_bin()
functions.
2014-06-19 Arthur de Jong <arthur@arthurdejong.org>
* [09eb6b3] ChangeLog, NEWS, docs/changes.rst, docs/index.rst,
docs/usage.rst, pskc/__init__.py, setup.py: Get files ready for
0.2 release
2014-06-19 Arthur de Jong <arthur@arthurdejong.org>
* [62c9af4] pskc/__init__.py: Only catch normal exceptions
2014-06-18 Arthur de Jong <arthur@arthurdejong.org>
* [deb57d7] pskc/__init__.py: Remove unused import
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
* [178ef1c] pskc/encryption.py: PEP8 fix
2014-06-17 Arthur de Jong <arthur@arthurdejong.org>
* [7435552] pskc/exceptions.py: Remove __str__ from exception
The message property has been deprecated as of Python 2.6 and
printing the first argument is the default.
2014-06-16 Arthur de Jong <arthur@arthurdejong.org>
* [f084735] README, docs/encryption.rst, docs/exceptions.rst,
docs/index.rst, docs/mac.rst, docs/policy.rst, docs/usage.rst:
Update documentation
This updates the documentation with the current API, adding
information on exceptions raised, HMAC algorithms supported and
changes to the MAC checking.
This also includes some editorial changes to some of the text and
making references shorter by not including the full package path.
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [d84e761] pskc/parse.py: Simplify finding ElementTree
implementation
These are the only ElementTree implementations that have been
tested to provide the needed functionality (mostly namespaces).
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [50b429d] pskc/key.py, pskc/parse.py, pskc/policy.py: Refactor
out some functions to parse
This introduces the getint() and getbool() functions in parse
to avoid some code duplication.
2014-06-15 Arthur de Jong <arthur@arthurdejong.org>
* [9a16ce4] pskc/key.py, tests/test_misc.doctest: Add support for
setting secret
This supports setters for the secret, counter, time_offset,
time_interval and time_drift properties. Setting these values
stores the values unencrypted internally.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [1b9ee9f] pskc/encryption.py: Support PBKDF2 PRF argument
Support specifying a pseudorandom function for PBKDF2 key
derivation. It currently supports any HMAC that the MAC checking
also supports.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [79b9a7d] pskc/mac.py: Provide a get_hmac() function
Refactor the functionality to find an HMAC function into a
separate function.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [1417d4a] tests/invalid-mac-algorithm.pskcxml,
tests/invalid-mac-value.pskcxml,
tests/invalid-no-mac-method.pskcxml, tests/test_invalid.doctest:
Add tests for missing or invalid MAC
This tests for incomplete, unknown or invalid MACs in PSKC files.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [9d8aae0] pskc/key.py, pskc/mac.py: Raise exception when MAC
validation fails
This changes the way the check() function works to raise an
exception when the MAC is not correct. The MAC is also now always
checked before attempting decryption.
This also renames the internal DataType.value property to a
get_value() method for clarity.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [699ecf8] pskc/encryption.py: Handle missing MAC algorithm properly
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [01e102b] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest,
tests/tripledes-cbc.pskcxml: Add MAC tests to all CBC encrypted
keys
This adds hmac-sha224, hmac-sha256, hmac-sha384 and hmac-sha512
tests for values that are encrypted using CBC block cypher modes.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [59e790e] pskc/mac.py: Automatically support all MACs in hashlib
This uses the name of the hash to automatically get the correct
hash object from Python's hashlib.
2014-06-14 Arthur de Jong <arthur@arthurdejong.org>
* [566e447] pskc/__init__.py, pskc/parse.py, setup.py: Support
various ElementTree implementations
When using a recent enough lxml, even Python 2.6 should work
now. The most important requirement is that the findall()
function supports the namespaces argument.
This also now catches all exceptions when parsing the PSKC file
fails and wraps it in ParseError because various implementations
raise different exceptions, even between versions (Python 2.6's
ElementTree raises ExpatError, lxml raises XMLSyntaxError).
2014-06-13 Arthur de Jong <arthur@arthurdejong.org>
* [5d60ee2] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/parse.py, pskc/policy.py: Have parse module
provide find() functions
This changes the parse module functions to better match the
ElementTree API and extends it with findint(), findtime()
and findbin().
It also passes the namespaces to all calls that require it
without duplicating this throughout the normal code.
2014-06-11 Arthur de Jong <arthur@west.nl>
* [6a34c01] pskc/__init__.py, pskc/encryption.py, pskc/key.py,
pskc/mac.py, pskc/policy.py: Use get() instead of attrib.get()
(shorter)
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [4d92b93] pskc/encryption.py, tests/kw-tripledes.pskcxml,
tests/test_encryption.doctest: Support kw-tripledes decryption
This adds support for key unwrapping using the RFC 3217 Triple
DES key wrap algorithm if the PSKC file uses this.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [fd71f01] pskc/tripledeskw.py, tests/test_tripledeskw.doctest:
Implement RFC 3217 Triple DES key wrapping
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [f639318] tests/test_minimal.doctest, tests/test_misc.doctest:
Merge test_minimal into test_misc
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [1e7f861] tests/draft-keyprov-actividentity-3des.pskcxml,
tests/test_draft_keyprov.doctest: Add an ActivIdentity-3DES test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [b7cb928] tests/draft-keyprov-securid-aes-counter.pskcxml,
tests/test_draft_keyprov.doctest: Add an SecurID-AES-Counter test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to be
valid XML and to fit the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [427319f] tests/draft-keyprov-totp.pskcxml,
tests/test_draft_keyprov.doctest: Add an TOTP test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [ba49d09] tests/draft-keyprov-ocra.pskcxml,
tests/test_draft_keyprov.doctest: Add an OCRA test
The test is taken from
draft-hoyer-keyprov-pskc-algorithm-profiles-01 modified to fit
the schema as described in RFC 6030.
2014-05-31 Arthur de Jong <arthur@arthurdejong.org>
* [0a66ede] tests/odd-namespace.pskcxml, tests/test_misc.doctest:
Add a test for an odd namespace
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
* [287afa7] pskc/encryption.py, tests/kw-aes128.pskcxml,
tests/kw-aes192.pskcxml, tests/kw-aes256.pskcxml,
tests/test_encryption.doctest: Support kw-aes128, kw-aes192
and kw-aes256
This adds support for key unwrapping using the RFC 3394 or RFC
5649 algorithm if the PSKC file uses this.
2014-05-30 Arthur de Jong <arthur@arthurdejong.org>
* [99ba287] pskc/aeskw.py, tests/test_aeskw.doctest: Implement
padding as specified in RFC 5649
This adds a pad argument with which padding can be forced or
disabled.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [ebf8945] pskc/aeskw.py, tests/test_aeskw.doctest: Allow speciying
an initial value for key wrapping
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [5720fe5] pskc/aeskw.py, pskc/exceptions.py,
tests/test_aeskw.doctest: Provide an RFC 3394 AES key wrapping
algorithm
This also introduces an EncryptionError exception.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [7164d89] README, docs/usage.rst, pskc/__init__.py,
tests/rfc6030-figure10.pskcxml, tests/rfc6030-figure2.pskcxml,
tests/rfc6030-figure3.pskcxml, tests/rfc6030-figure4.pskcxml,
tests/rfc6030-figure5.pskcxml, tests/rfc6030-figure6.pskcxml,
tests/rfc6030-figure7.pskcxml, tests/test_rfc6030.doctest:
Always put a space between RFC and number
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [ccebb69] pskc/encryption.py, tests/test_encryption.doctest,
tests/tripledes-cbc.pskcxml: Support Tripple DES decryption
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [a11f31f] tests/test_invalid.doctest: Add tests for key derivation
problems
This tests for unknown or missing algorithms and unknown
derivation parameters.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [0738c94] pskc/encryption.py, pskc/exceptions.py: Raise exception
when key derivation fails
This also renames the internal function that implements the
derivation.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [76ef42b] pskc/encryption.py, pskc/exceptions.py,
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest:
Add test for missing key encryption algorithm
This also introduces a toplevel PSKCError exception that all
exceptions have as parent.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [7f26dc6] tests/aes128-cbc.pskcxml, tests/aes192-cbc.pskcxml,
tests/aes256-cbc.pskcxml, tests/test_encryption.doctest: Add
test for all AES-CBC encryption schemes
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [28f2c1c] pskc/encryption.py: Support more AES-CBC encryption
schemes
This also moves the crypto imports to the places where they are
used to avoid a depenency on pycrypto if no encryption is used.
2014-05-29 Arthur de Jong <arthur@arthurdejong.org>
* [678b127] tests/test_minimal.doctest: Add test for missing
secret value
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [bef2f7d] pskc/__init__.py, pskc/key.py,
tests/test_minimal.doctest: Add a function for adding a new key
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [46f5749] pskc/__init__.py: Consistency improvement
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [83f5a4b] pskc/__init__.py, tests/test_minimal.doctest: Support
creating an empty PSKC instance
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [820c83c] pskc/encryption.py, pskc/mac.py: Be more lenient in
accepting algorithms
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [02bde47] pskc/key.py: Code simplification
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [b62fec8] pskc/encryption.py, pskc/exceptions.py,
tests/invalid-encryption.pskcxml, tests/test_invalid.doctest,
tests/test_rfc6030.doctest: Raise an exception if decryption fails
2014-05-25 Arthur de Jong <arthur@arthurdejong.org>
* [7bc2e6b] pskc/encryption.py: Make decryption code better readable
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [714f387] setup.cfg, tests/invalid-notxml.pskcxml,
tests/invalid-wrongelement.pskcxml,
tests/invalid-wrongversion.pskcxml, tests/test_invalid.doctest:
Add tests for invalid PSKC files
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [803d24c] pskc/__init__.py, pskc/exceptions.py: Raise exceptions
on some parsing problems
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [8c37e26] setup.py: Fix install_requires
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [8e1729e] ChangeLog, MANIFEST.in, NEWS: Get files ready for
0.1 release
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [15ca643] README, pskc/__init__.py, tests/rfc6030-figure10.pskcxml,
tests/rfc6030-figure2.pskcxml, tests/rfc6030-figure3.pskcxml,
tests/rfc6030-figure4.pskcxml, tests/rfc6030-figure5.pskcxml,
tests/rfc6030-figure6.pskcxml, tests/rfc6030-figure7.pskcxml,
tests/test_rfc6030.doctest: Use pskcxml as file name extension
This is the extension that is suggested in RFC6030.
2014-05-23 Arthur de Jong <arthur@arthurdejong.org>
* [44c7d2e] docs/policy.rst, docs/usage.rst: Improve IANA links
2014-05-20 Arthur de Jong <arthur@arthurdejong.org>
* [cda1c5f] tests/test_rfc6030.doctest: Improve test
This tests that, before the PSKC ecnryption is key available,
the secret from the key cannot be extracted.
2014-05-19 Arthur de Jong <arthur@arthurdejong.org>
* [e96c746] docs/_templates/autosummary/module.rst, docs/conf.py,
docs/encryption.rst, docs/index.rst, docs/mac.rst, docs/policy.rst,
docs/usage.rst: Provide Sphinx documentation
2014-05-18 Arthur de Jong <arthur@arthurdejong.org>
* [edf4d24] pskc/policy.py: Add missing policy constant
2014-05-18 Arthur de Jong <arthur@arthurdejong.org>
* [92a994d] pskc/key.py: Fix attribute name in docstring
2014-04-20 Arthur de Jong <arthur@arthurdejong.org>
* [cc9bbb5] README: Update README
2014-05-17 Arthur de Jong <arthur@arthurdejong.org>
* [d0a7814] .gitignore, setup.py: Fix dateutil dependency
This also ignores downloaded .egg files.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [e0159ba] pskc/parse.py: Fix module description
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [ba17976] pskc/__init__.py, pskc/parse.py: Move PSKC class to
toplevel module
This also splits the parsing to a parse() function for consistency.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [64e207d] pskc/key.py, tests/test_rfc6030.doctest: Provide
pskc.key docstrings
This documents most of the information that is available per
key and adds a few other minor cosmetic changes.
This also re-organises the key properties to be in a slightly more
logical order and renames the userid key property to key_userid
to more clearly distinguish it from device_userid.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [6becc61] pskc/parse.py: Provide pskc.parse docstrings
This documents most of the API of the parsing functions and the
PSKC class.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [1d42fbc] pskc/policy.py: Complete pskc.policy docstrings
Also contains small consistency improvement.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [b07d709] pskc/mac.py: Provide pskc.mac docstrings
This also hides two properties that are not part of the public API.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [285860e] pskc/encryption.py: Provide pskc.encryption docstrings
This documents classes in the pskc.encryption module.
2014-04-19 Arthur de Jong <arthur@arthurdejong.org>
* [8c9e03d] pskc/key.py, pskc/mac.py, pskc/parse.py, pskc/policy.py:
Move Key class to separate module
This also allows re-organising the imports a bit.
2014-04-16 Arthur de Jong <arthur@arthurdejong.org>
* [c883d48] MANIFEST.in, pskc/__init__.py, setup.cfg, setup.py:
Add initial setup script
2014-04-14 Arthur de Jong <arthur@arthurdejong.org>
* [3df6849] COPYING: Include a license file (LGPL)
2014-04-13 Arthur de Jong <arthur@arthurdejong.org>
* [f08cdb5] tests/rfc6030-figure10.pskc, tests/test_rfc6030.doctest:
Add bulk provisioning test from Figure 10
2014-04-13 Arthur de Jong <arthur@arthurdejong.org>
* [41828cd] pskc/parse.py: Use slightly clearer names
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [5ab731c] tests/rfc6030-figure7.pskc, tests/test_rfc6030.doctest:
Add test for Figure 7 from RFC6030
This tests encrypted key derivation using PBKDF2 and a pre-shared
passphrase.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [a3fd598] pskc/encryption.py: Implement PBKDF2 key derivation
This supports deriving the key from a passphrase and information
present in the DerivedKey and PBKDF2-params XML elements.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [2ff470f] pskc/encryption.py: Add id attribute from EncryptionKey
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [460f335] tests/rfc6030-figure6.pskc, tests/test_rfc6030.doctest:
Add test for Figure 6 from RFC6030
This test key encryption with a pre-shared key and MAC checks.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [a926ddb] pskc/mac.py, pskc/parse.py: Implement MAC checking
This implements message message authentication code checking
for the encrypted values if MACMethod and ValueMAC are present.
2014-04-12 Arthur de Jong <arthur@arthurdejong.org>
* [e53e865] pskc/encryption.py, pskc/parse.py: Support decrypting
with a pre-shared key
This adds an encryption module that provides wrappers for
handling decryption.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [3fe0919] pskc/parse.py: Refactor DataType value handling
This ensures that DataType values are retrieved dynamically
instead of at the time the PSKC file was parsed in order to make
decryption work.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [591bb5d] pskc/policy.py: Document key and pin usage values
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [b952b93] tests/rfc6030-figure5.pskc, tests/test_rfc6030.doctest:
Add test for Figure 5 from RFC6030
This test extraction of key policy information and cross-key
references.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [e939a96] pskc/parse.py, pskc/policy.py: Implement key policy
parsing
This parses key policy from PSKC files and provides a few utility
methods to help with policy validation.
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [8c9ac8c] pskc/parse.py: Support parsing date and integer values
2014-04-11 Arthur de Jong <arthur@arthurdejong.org>
* [6446f7d] tests/rfc6030-figure4.pskc, tests/test_rfc6030.doctest:
Add test for Figure 4 from RFC6030
This tests for key profile and key reference properties that
can be used to reference external keys.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [e72369f] tests/rfc6030-figure3.pskc, tests/test_rfc6030.doctest:
Add test for Figure 3 from RFC6030
This tests Figure 3 from RFC6030 with a very basic plain text
secret key and some supplementary data.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [2c111a8] pskc/parse.py: Get more data from KeyPackage
This gets most simple string values from the KeyPackage as well
as some integer and boolean values.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [96b4b54] tests/rfc6030-figure2.pskc, tests/test-rfc6030.doctest:
Add test for example from RFC6030
This tests Figure 2 from RFC6030 with a very basic plain text
secret key.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [d662cf2] pskc/parse.py: Support getting plaintext key
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [550630d] tests/test_minimal.doctest: Minimal test
This adds a doctest for the absolute minimum PSKC file that does
not contain any useful information.
2014-04-07 Arthur de Jong <arthur@arthurdejong.org>
* [bf8e7f6] pskc/__init__.py, pskc/parse.py: Basic implementation
of PSKC class
This class is used for handling PSKC files. It will parse the
file and store relevant properties for easy access. The Key
class corresponds to a single key defined in the PSKC file.
This is a very minimal implementation that only provides some
meta-data from the file and keys (work in progress).
2014-04-04 Arthur de Jong <arthur@arthurdejong.org>
* [9803dfc] README: Provide an initial README
2014-04-02 Arthur de Jong <arthur@arthurdejong.org>
* [c912bb4] .gitignore, pskc/__init__.py: Initial project layout
|